[OVN] Check if OVN NB supports stateless NAT rules

Added a check for OVN NB schema, looking for "options" field in "NAT"
table (added in OVN NB schema 5.17).

This patch removes the code to support OVN without stateless NAT rules.
It is assumed that "options" field in "NAT" table is always present.

Closes-Bug: #1949494
Change-Id: Ib3b6dd68009ab635627168b11626d7e7c548ee2f
This commit is contained in:
Rodolfo Alonso Hernandez 2021-11-02 17:10:20 +00:00
parent 12eecf9679
commit ce1a87057a
6 changed files with 39 additions and 23 deletions

View File

@ -51,6 +51,7 @@ DIRECT_PORT_QOS_MIN_OVS_VERSION = '2.11'
MINIMUM_DIBBLER_VERSION = '1.0.1' MINIMUM_DIBBLER_VERSION = '1.0.1'
CONNTRACK_GRE_MODULE = 'nf_conntrack_proto_gre' CONNTRACK_GRE_MODULE = 'nf_conntrack_proto_gre'
OVN_NB_DB_SCHEMA_PORT_GROUP = '5.11' OVN_NB_DB_SCHEMA_PORT_GROUP = '5.11'
OVN_NB_DB_SCHEMA_STATELESS_NAT = '5.17'
class OVNCheckType(enum.Enum): class OVNCheckType(enum.Enum):
@ -597,3 +598,17 @@ def ovn_nb_db_schema_port_group_supported():
'Exception: %s', e) 'Exception: %s', e)
return False return False
return True return True
def ovn_nb_db_schema_stateless_nat_supported():
try:
ver = _get_ovn_version(OVNCheckType.nb_db_schema)
minver = versionutils.convert_version_to_tuple(
OVN_NB_DB_SCHEMA_STATELESS_NAT)
if ver < minver:
return False
except (OSError, RuntimeError, ValueError) as e:
LOG.debug('Exception while checking OVN DB schema version. '
'Exception: %s', e)
return False
return True

View File

@ -311,6 +311,14 @@ def check_ovn_nb_db_schema_port_group_support():
return result return result
def check_ovn_nb_db_schema_stateless_nat():
result = checks.ovn_nb_db_schema_stateless_nat_supported()
if not result:
LOG.warning('OVN NB DB schema does not support stateless NAT. This '
'support was added in DB schema version 5.17.')
return result
# Define CLI opts to test specific features, with a callback for the test # Define CLI opts to test specific features, with a callback for the test
OPTS = [ OPTS = [
BoolOptCallback('ovs_vxlan', check_ovs_vxlan, default=False, BoolOptCallback('ovs_vxlan', check_ovs_vxlan, default=False,
@ -379,6 +387,10 @@ OPTS = [
check_ovn_nb_db_schema_port_group_support, check_ovn_nb_db_schema_port_group_support,
help=_('Check OVN NB DB schema support Port_Group'), help=_('Check OVN NB DB schema support Port_Group'),
default=False), default=False),
BoolOptCallback('ovn_nb_db_schema_stateless_nat_support',
check_ovn_nb_db_schema_stateless_nat,
help=_('Check OVN NB DB schema support stateless NAT'),
default=False),
] ]
@ -427,6 +439,7 @@ def enable_tests_from_config():
cfg.CONF.set_default('check_min_tx_rate_support', True) cfg.CONF.set_default('check_min_tx_rate_support', True)
if 'ovn' in cfg.CONF.ml2.mechanism_drivers: if 'ovn' in cfg.CONF.ml2.mechanism_drivers:
cfg.CONF.set_default('ovn_nb_db_schema_port_group_support', True) cfg.CONF.set_default('ovn_nb_db_schema_port_group_support', True)
cfg.CONF.set_default('ovn_nb_db_schema_stateless_nat_support', True)
def all_tests_passed(): def all_tests_passed():

View File

@ -283,9 +283,6 @@ class DBInconsistenciesPeriodics(SchemaAwarePeriodicsBase):
@rerun_on_schema_updates @rerun_on_schema_updates
def migrate_to_stateless_fips(self): def migrate_to_stateless_fips(self):
"""Perform the migration from stateful to stateless Floating IPs. """ """Perform the migration from stateful to stateless Floating IPs. """
if not self._ovn_client.is_stateless_nat_supported():
raise periodics.NeverAgain()
# Only the worker holding a valid lock within OVSDB will perform the # Only the worker holding a valid lock within OVSDB will perform the
# migration. # migration.
if not self.has_lock: if not self.has_lock:

View File

@ -117,10 +117,6 @@ class OVNClient(object):
return self._nb_idl.is_col_supports_value('ACL', 'action', return self._nb_idl.is_col_supports_value('ACL', 'action',
'allow-stateless') 'allow-stateless')
# TODO(ihrachys) remove when min OVN version >= 20.03
def is_stateless_nat_supported(self):
return self._nb_idl.is_col_present('NAT', 'options')
def _get_allowed_addresses_from_port(self, port): def _get_allowed_addresses_from_port(self, port):
if not port.get(psec.PORTSECURITY): if not port.get(psec.PORTSECURITY):
return [], [] return [], []
@ -745,9 +741,8 @@ class OVNClient(object):
'logical_ip': floatingip['fixed_ip_address'], 'logical_ip': floatingip['fixed_ip_address'],
'external_ip': floatingip['floating_ip_address'], 'external_ip': floatingip['floating_ip_address'],
'logical_port': floatingip['port_id'], 'logical_port': floatingip['port_id'],
'external_ids': ext_ids} 'external_ids': ext_ids,
if self.is_stateless_nat_supported(): 'options': {'stateless': 'true'}}
columns['options'] = {'stateless': 'true'}
if ovn_conf.is_ovn_distributed_floating_ip(): if ovn_conf.is_ovn_distributed_floating_ip():
if self._nb_idl.lsp_get_up(floatingip['port_id']).execute(): if self._nb_idl.lsp_get_up(floatingip['port_id']).execute():

View File

@ -140,9 +140,7 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
never_again=False) never_again=False)
def _test_migrate_to_stateless_fips_helper( def _test_migrate_to_stateless_fips_helper(
self, stateless_supported, migration_expected, never_again): self, migration_expected, never_again):
self.fake_ovn_client.is_stateless_nat_supported.return_value = (
stateless_supported)
with mock.patch.object(ovn_db_sync.OvnNbSynchronizer, with mock.patch.object(ovn_db_sync.OvnNbSynchronizer,
'migrate_to_stateless_fips') as mtsf: 'migrate_to_stateless_fips') as mtsf:
if never_again: if never_again:
@ -156,16 +154,10 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
else: else:
mtsf.assert_not_called() mtsf.assert_not_called()
def test_migrate_to_stateless_fips_not_needed(self):
self._test_migrate_to_stateless_fips_helper(
stateless_supported=False, migration_expected=False,
never_again=True)
def test_migrate_to_stateless_fips(self): def test_migrate_to_stateless_fips(self):
# Check normal migration path: if the migration has to be done, it will # Check normal migration path: if the migration has to be done, it will
# take place and won't be attempted in the future. # take place and won't be attempted in the future.
self._test_migrate_to_stateless_fips_helper(stateless_supported=True, self._test_migrate_to_stateless_fips_helper(migration_expected=True,
migration_expected=True,
never_again=True) never_again=True)
def test_migrate_to_stateless_fips_no_lock(self): def test_migrate_to_stateless_fips_no_lock(self):
@ -175,8 +167,7 @@ class TestDBInconsistenciesPeriodics(testlib_api.SqlTestCaseLight,
# Check that if this worker doesn't have the lock, it won't # Check that if this worker doesn't have the lock, it won't
# perform the migration and it will try again later. # perform the migration and it will try again later.
self._test_migrate_to_stateless_fips_helper( self._test_migrate_to_stateless_fips_helper(
stateless_supported=True, migration_expected=False, migration_expected=False, never_again=False)
never_again=False)
def _test_fix_create_update_network(self, ovn_rev, neutron_rev): def _test_fix_create_update_network(self, ovn_rev, neutron_rev):
with db_api.CONTEXT_WRITER.using(self.ctx): with db_api.CONTEXT_WRITER.using(self.ctx):

View File

@ -0,0 +1,5 @@
---
features:
- |
Since this version, the support for stateless security groups is mandatory.
The minimum OVN NB schema version must be 5.17.